// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 package command import ( "io" "strings" "testing" "github.com/hashicorp/vault/api" "github.com/mitchellh/cli" ) func testWriteCommand(tb testing.TB) (*cli.MockUi, *WriteCommand) { tb.Helper() ui := cli.NewMockUi() return ui, &WriteCommand{ BaseCommand: &BaseCommand{ UI: ui, }, } } func TestWriteCommand_Run(t *testing.T) { t.Parallel() cases := []struct { name string args []string out string code int }{ { "not_enough_args", []string{}, "Not enough arguments", 1, }, { "empty_kvs", []string{"secret/write/foo"}, "Must supply data or use -force", 1, }, { "force_kvs", []string{"-force", "auth/token/create"}, "token", 0, }, { "force_f_kvs", []string{"-f", "auth/token/create"}, "token", 0, }, { "kvs_no_value", []string{"secret/write/foo", "foo"}, "Failed to parse K=V data", 1, }, { "single_value", []string{"secret/write/foo", "foo=bar"}, "Success!", 0, }, { "multi_value", []string{"secret/write/foo", "foo=bar", "zip=zap"}, "Success!", 0, }, { "field", []string{ "-field", "token_renewable", "auth/token/create", "display_name=foo", }, "false", 0, }, { "field_not_found", []string{ "-field", "not-a-real-field", "auth/token/create", "display_name=foo", }, "not present in secret", 1, }, } for _, tc := range cases { tc := tc t.Run(tc.name, func(t *testing.T) { t.Parallel() client, closer := testVaultServer(t) defer closer() ui, cmd := testWriteCommand(t) cmd.client = client code := cmd.Run(tc.args) if code != tc.code { t.Errorf("expected %d to be %d", code, tc.code) } combined := ui.OutputWriter.String() + ui.ErrorWriter.String() if !strings.Contains(combined, tc.out) { t.Errorf("expected %q to contain %q", combined, tc.out) } }) } t.Run("force", func(t *testing.T) { t.Parallel() client, closer := testVaultServer(t) defer closer() if err := client.Sys().Mount("transit/", &api.MountInput{ Type: "transit", }); err != nil { t.Fatal(err) } ui, cmd := testWriteCommand(t) cmd.client = client code := cmd.Run([]string{ "-force", "transit/keys/my-key", }) if exp := 0; code != exp { t.Fatalf("expected %d to be %d: %q", code, exp, ui.ErrorWriter.String()) } secret, err := client.Logical().Read("transit/keys/my-key") if err != nil { t.Fatal(err) } if secret == nil || secret.Data == nil { t.Fatal("expected secret to have data") } }) t.Run("stdin_full", func(t *testing.T) { t.Parallel() client, closer := testVaultServer(t) defer closer() stdinR, stdinW := io.Pipe() go func() { stdinW.Write([]byte(`{"foo":"bar"}`)) stdinW.Close() }() _, cmd := testWriteCommand(t) cmd.client = client cmd.testStdin = stdinR code := cmd.Run([]string{ "secret/write/stdin_full", "-", }) if code != 0 { t.Fatalf("expected 0 to be %d", code) } secret, err := client.Logical().Read("secret/write/stdin_full") if err != nil { t.Fatal(err) } if secret == nil || secret.Data == nil { t.Fatal("expected secret to have data") } if exp, act := "bar", secret.Data["foo"].(string); exp != act { t.Errorf("expected %q to be %q", act, exp) } }) t.Run("stdin_value", func(t *testing.T) { t.Parallel() client, closer := testVaultServer(t) defer closer() stdinR, stdinW := io.Pipe() go func() { stdinW.Write([]byte("bar")) stdinW.Close() }() _, cmd := testWriteCommand(t) cmd.client = client cmd.testStdin = stdinR code := cmd.Run([]string{ "secret/write/stdin_value", "foo=-", }) if code != 0 { t.Fatalf("expected 0 to be %d", code) } secret, err := client.Logical().Read("secret/write/stdin_value") if err != nil { t.Fatal(err) } if secret == nil || secret.Data == nil { t.Fatal("expected secret to have data") } if exp, act := "bar", secret.Data["foo"].(string); exp != act { t.Errorf("expected %q to be %q", act, exp) } }) t.Run("integration", func(t *testing.T) { t.Parallel() client, closer := testVaultServer(t) defer closer() _, cmd := testWriteCommand(t) cmd.client = client code := cmd.Run([]string{ "secret/write/integration", "foo=bar", "zip=zap", }) if code != 0 { t.Fatalf("expected 0 to be %d", code) } secret, err := client.Logical().Read("secret/write/integration") if err != nil { t.Fatal(err) } if secret == nil || secret.Data == nil { t.Fatal("expected secret to have data") } if exp, act := "bar", secret.Data["foo"].(string); exp != act { t.Errorf("expected %q to be %q", act, exp) } if exp, act := "zap", secret.Data["zip"].(string); exp != act { t.Errorf("expected %q to be %q", act, exp) } }) t.Run("communication_failure", func(t *testing.T) { t.Parallel() client, closer := testVaultServerBad(t) defer closer() ui, cmd := testWriteCommand(t) cmd.client = client code := cmd.Run([]string{ "foo/bar", "a=b", }) if exp := 2; code != exp { t.Errorf("expected %d to be %d", code, exp) } expected := "Error writing data to foo/bar: " combined := ui.OutputWriter.String() + ui.ErrorWriter.String() if !strings.Contains(combined, expected) { t.Errorf("expected %q to contain %q", combined, expected) } }) t.Run("no_tabs", func(t *testing.T) { t.Parallel() _, cmd := testWriteCommand(t) assertNoTabs(t, cmd) }) }